Abstract

Pushback is a mechanism for defending against Distributed Denial-of-Service (DDoS) attacks. DDoS attacks are treated as a congestion-control problem, but because most such congestion is caused by malicious hosts not obeying traditional end-to-end congestion control, the problem must be handled by the routers. Functionality is added to each router to detect and preferentially drop packets that probably belong to an attack. Upstream routers are also notified to drop such packets so that the router's resources are used to route legitimate traffic; hence the term pushback. Client puzzles have been advocated as a promising countermeasure to DoS attacks in recent years. In order to identify the attackers, the victim server issues a puzzle to the client that sent the traffic. When the client is able to solve the puzzle, it is assumed to be authentic and the traffic from it is allowed into the server. If the victim suspects that the puzzles are being solved by most of the clients, it increases the complexity of the puzzles. This puzzle-solving technique allows the attack traffic to traverse the intermediate routers before reaching the destination. In order to attain the advantages of both the pushback and puzzle-solving techniques, a hybrid scheme called the Router based Pushback technique, which combines both techniques to solve the problem of DDoS attacks, is proposed. In this proposal, the puzzle-solving mechanism is pushed back to the core routers rather than being performed at the victim. The router-based client puzzle mechanism checks whether a host system is legitimate or not by providing a puzzle to be solved by the suspected host.
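The following Python is an added illustration, not code from the paper, of the router-based client-puzzle check the abstract describes: a core router challenges a suspected host with a single-use puzzle, forwards traffic only from hosts that solved one, and raises the puzzle complexity when most recent challenges were solved. The SHA-256 leading-zero-bit puzzle, the class and function names, and the thresholds are assumptions.

```python
import hashlib
import secrets

# Added illustration: the hash-prefix puzzle and the thresholds are assumptions, not the paper's parameters.

def leading_zero_bits(digest: bytes) -> int:
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def solve(nonce: bytes, difficulty: int, limit: int = 1 << 22):
    """Client side: find a 4-byte x so that SHA-256(nonce||x) has `difficulty` leading zero bits."""
    for i in range(limit):
        x = i.to_bytes(4, "big")
        if leading_zero_bits(hashlib.sha256(nonce + x).digest()) >= difficulty:
            return x
    return None  # client gave up: puzzle too hard at this difficulty

class PuzzleRouter:
    """Core router that challenges suspected hosts and forwards only verified ones."""

    def __init__(self, difficulty: int = 8, raise_at: float = 0.8, window: int = 10):
        self.difficulty = difficulty  # required leading zero bits
        self.raise_at = raise_at      # solve rate at which difficulty is raised
        self.window = window          # outcomes per adaptation round
        self.pending = {}             # host -> (nonce, difficulty) awaiting an answer
        self.outcomes = []            # solved / unsolved, current window
        self.verified = set()         # hosts that passed a puzzle

    def challenge(self, host: str):
        """Issue a fresh, single-use puzzle to a suspected host."""
        nonce = secrets.token_bytes(8)
        self.pending[host] = (nonce, self.difficulty)
        return nonce, self.difficulty

    def verify(self, host: str, solution) -> bool:
        """Check an answer; the nonce is consumed, so a replayed answer is rejected."""
        if host not in self.pending or solution is None:
            return False
        nonce, d = self.pending.pop(host)
        ok = leading_zero_bits(hashlib.sha256(nonce + solution).digest()) >= d
        self.outcomes.append(ok)
        if len(self.outcomes) >= self.window:  # window full: adapt difficulty
            if sum(self.outcomes) / len(self.outcomes) >= self.raise_at:
                self.difficulty += 1
            self.outcomes.clear()
        if ok:
            self.verified.add(host)
        return ok

    def forward(self, host: str) -> str:  # per-packet decision for traffic from host
        return "forward" if host in self.verified else "drop"
```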

Highlights

  • A Denial of Service (DoS) attack is a specific category of information warfare in which a malicious user blocks legitimate users from accessing network services by exhausting the resources of the victim system

  • This is sometimes referred to as "traffic shaping". It can be used proactively if the traffic behaviour of the network is already known, or reactively by crafting an access rule that matches some of the network traffic used by the Distributed Denial-of-Service (DDoS) attack

  • With the proposed system, such problems are rectified because the congestion signature can be adjusted and updated in order to find these abnormalities in the network. The proposed method provides a strong defense against malicious hosts in the network: it identifies the attacker hosts by the nature of their traffic and blocks all traffic from them

Summary

INTRODUCTION

A Denial of Service (DoS) attack is a specific category of information warfare in which a malicious user blocks legitimate users from accessing network services by exhausting the resources of the victim system. A client initiates a connection by sending a SYN packet to the server. The server acknowledges the request by sending a SYN ACK packet back to the client and allocating space for the connection in a buffer. The server fills up its buffer with incomplete connections, leaving no space for nonmalicious connection requests, and preventing the server from establishing them. A DoS attack can be characterized as an attack with the purpose of preventing legitimate users from using a victim computing system or network resource. The SYN attack, one of the most well-known DDoS attacks on commercial platforms, showed that an attack rate of only 500 SYN packets per second is enough to overwhelm a server. After the first successful attack the victim lost its control capability against the attack.

  • EXISTING SYSTEM
    • TCP SYN Flood
    • UDP Flood
    • Traffic Shaping
    • Traffic Analysis
  • PROPOSED SYSTEM
    • Concept
    • Phases in proposed method
  • IMPLEMENTATION
    • Pushback Mechanism Phase
    • Findings
  • CONCLUSIONS